Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An important supply chain incident has rocked the security industry by showing us that some of the biggest security enterprises are also threatened by the risk of third-party SaaS product integrations. The incident, involving Salesloft Drift, a marketing automation solution integrated with Salesforce, resulted in the threat actor getting OAuth tokens. These tokens allowed them to exfiltrate massive volumes of sensitive data about customers, including account records, case information, and contact data.

It's 8:47 AM. Your phone buzzes with another "urgent" DLP alert. You've already ignored three this morning. This one screams "SENSITIVE DATA DETECTED" in all caps. But it’s just a lunch menu with a credit card number for catering. You silence the notification and grab your coffee. What you don't know? While you're dismissing false alarms, your VP of Finance just dropped next quarter's earnings in a public Teams channel. Your DLP system? Completely silent.

Security teams spend hours stitching together logs from disconnected systems during investigations. Learn how to get clarity in minutes by tracing identity signals across everything in your stack.

Remote support is essential for modern IT operations, but legacy tools have become a growing liability. In 2024, a series of high-profile breaches revealed how attackers exploited remote access platforms to infiltrate critical systems. These incidents exposed not only technical vulnerabilities but also the broader financial, operational, and reputational risks tied to outdated support architectures.

Endpoint data loss prevention (DLP) is a critical compliance service designed to ensure that an organization's sensitive or confidential information remains secure by implementing robust security controls and continuously monitoring devices to protect data from unauthorized access or transmission and prevent potential data breaches.

If your website or digital app collects, tracks, or sells data from Colorado residents, chances are the Colorado Privacy Act (CPA) applies to you. Like California’s CCPA and Virginia’s VCDPA, the CPA is part of the growing patchwork of state-level privacy laws reshaping how U.S. businesses handle personal data. Yet many companies underestimate the scope of the Colorado Privacy Act—or assume compliance is covered by PCI DSS or HIPAA if they process payments or healthcare data.

Just because ransomware attacks have decreased doesn’t mean that the risk has disappeared. Indeed, it remains one of the most disruptive threats to any organisation. Headlines can convey a false sense of relief: Ransomware attacks are down 15%, according to Verizon's latest DBIR report. But for those of us who work in cybersecurity, we know that this doesn't tell the whole story, especially when the real issue isn't how often an attack occurs, but what happens when it does.

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via HTTP POST requests to a remote endpoint.

Remote access scams are social engineering attacks where fraudsters convince users to install or open remote desktop tools like TeamViewer or AnyDesk. Once inside, they hijack login flows, harvest credentials, and often bypass MFA, opening a hidden path to account takeover (ATO). These scams are rising fast, exploiting customer trust and evading traditional fraud controls.

Over the past few years, artificial intelligence (AI) has transformed millions of organizations worldwide. AI can automate rote tasks, facilitate natural-language interfaces, and pick up subtle patterns in huge data sets. It can also hallucinate wrong answers, reinforce societal biases, and even introduce cybersecurity risks. Before incorporating the technology into their workflows, responsible organizations must weigh the benefits and risks of AI.